Merge pull request #1065 from cwatson-cat/8-1-24-usx-toc-draft

American-Dipper · web-flow · commit 7c61fcaf8218 · 2024-09-12T10:20:34.000-07:00
USX TOC DRAFT 2 - under XDR so it'll build
diff --git a/defender-xdr/unified-soc-platform/TOC.yml b/defender-xdr/unified-soc-platform/TOC.yml
@@ -0,0 +1,200 @@
+- name: Microsoft unified security operations platform
+  href: index.yml
+  expanded: true
+  items:
+    - name: Overview
+      items:
+      - name: What is the Microsoft unified security operations platform?
+        href: /defender-xdr/microsoft-365-defender ## PLACEHOLDER LINK
+      - name: What's new
+        href: /defender-xdr/unified-soc-platform/whats-new.md
+      - name: Defender portal service integration
+        items:
+        - name: Microsoft Defender XDR
+          href: /defender-xdr/microsoft-365-defender-portal ## Placeholder article
+        - name: Microsoft Security Exposure Management
+          href: /security-exposure-management/get-started-exposure-management
+        - name: Microsoft Sentinel
+          items:
+          - name: Microsoft Sentinel integration
+            href: /azure/sentinel/microsoft-365-defender-sentinel-integration?toc=/unified-soc-platform/toc.json&bc=/unified-soc-platform/breadcrumb/toc.json&tabs=defender-portal
+          - name: Experience in the Defender portal
+            href: /azure/sentinel/microsoft-sentinel-defender-portal?toc=/unified-soc-platform/toc.json&bc=/unified-soc-platform/breadcrumb/toc.json
+        - name: Microsoft Defender for Cloud
+          href: /defender-xdr/microsoft-365-security-center-defender-cloud
+        - name: Microsoft Defender for IoT
+          href: /defender-for-iot/microsoft-defender-iot
+        - name: Microsoft Copilot for Security in the Defender portal
+          href: /defender-xdr/security-copilot-in-microsoft-365-defender
+    - name: Plan ## Leverage existing zero trust articles? One article for USX all up planning (like guide that links out).
+      items:
+        - name: Zero trust security ## Discuss principles around Zero Trust security, link to the Zero Trust doc set as needed.
+          items:
+          - name: Microsoft Sentinel and Microsoft Defender XDR
+            href: /security/operations/siem-xdr-overview
+          - name: Microsoft Defender XDR
+            href: /defender-xdr/zero-trust-with-microsoft-365-defender
+          - name: Microsoft Defender for Cloud
+            href: /azure/defender-for-cloud/zero-trust
+          - name: Microsoft Defender for Cloud Apps
+            href: /defender-cloud-apps/zero-trust
+          - name: Microsoft Defender for Identity
+            href: /defender-for-identity/zero-trust
+          - name: Microsoft Defender for IoT
+            href: /azure/defender-for-iot/organizations/concept-zero-trust
+        - name: Plan for unified security operations ## NEW article that covers specific to USX all up and link out to service topics
+          href: /defender-xdr/prerequisites ## PLACEHOLDER LINK
+    - name: Deploy ## Need new high level article. Put post deployment links at the end of article. Single article outlining deployment steps for Defender portal services. Point to services for more details. NEW article title: Deploy the Microsoft unified security operations 
+      Items:
+        - name: Connect Microsoft Sentinel to Microsoft Defender
+          href: /defender-xdr/microsoft-sentinel-onboard
+    - name: Prevent attacks ## (Pre-breach) - Renamed from reduce risks. one article that summarizes how to do that with USX
+      items:
+        - name: Overview ## NEW Single article or perhaps a couple of articles that summarize our pre-breach protection philosophy, with links to relevant service articles. The article should align with the info about preventing attacks that;s in the datasheet. "Through a single portal, continuously monitor your digital environment, assess risk, and implement posture improvements using security controls across all platforms, cloud, and hybrid infrastructure". 
+          href: /azure/sentinel/sap/deployment-attack-disrupt ## PLACEHOLDER LINK
+        - name: Microsoft Secure Score ## Write a single article or two that condenses all the info in the Protect against threats/Microsoft Secure Score section. Or because this is going away, we just link in all the articles? Or put them in reference?
+          items:
+          - name: Overview
+            href: /defender-xdr/microsoft-secure-score.md
+          - name: What's new
+            href: /defender-xdr/microsoft-secure-score-whats-new.md
+          - name: Assess your security posture
+            href: /defender-xdr/microsoft-secure-score-improvement-actions.md
+          - name: Track your score history and meet goals
+            href: /defender-xdr/microsoft-secure-score-history-metrics-trends.md
+          - name: Data storage and privacy
+            href: /defender-xdr/secure-score-data-storage-privacy.md
+    - name: Detect threats ## Have each writer provide article and then we summarize in one article. Our outline and scope should align to datasheet: "Get visiblity into, and disrupt attacks in real time across identities, endpoints, email, cloud apps, data in hybrid and multicloud environments"
+      href: /azure/sentinel/threat-detection ## PLACEHOLDER LINK
+    - name: Hunt for threats ## Seperating this out because per PM hunting might happen in different scenarios. Also wanting it higher level as advanced hunting is one of the things highlighted for USX. 
+      items:
+      - name: Overview
+        href: /defender-xdr/advanced-hunting-overview ## PLACEHOLDER - Need overview article about the hunting features across services. Advanced hunting, custom detections, hunts in Sentinel
+      - name: Search with advanced hunting 
+        items:
+        - name: Overview
+          href: /defender-xdr/advanced-hunting-overview
+        - name: Advanced hunting in the Microsoft Defender portal
+          href: /defender-xdr/advanced-hunting-microsoft-defender
+        - name: Guided and advanced modes
+          href: /defender-xdr/advanced-hunting-modes
+        - name: Generate KQL queries with Security Copilot
+          href: /defender-xdr/advanced-hunting-security-copilot
+        - name: Build hunting queries using guided mode
+          href: /defender-xdr/advanced-hunting-query-builder
+        - name: Work with query results
+          href: /defender-xdr/advanced-hunting-query-results
+        - name: Take action on query results
+          href: /defender-xdr/advanced-hunting-take-action
+        - name: Hunt for ransomware
+          href: /defender-xdr/advanced-hunting-find-ransomware
+        - name: Learn the query language
+          href: /defender-xdr/advanced-hunting-query-language
+        - name: Get expert training
+          href: /defender-xdr/advanced-hunting-expert-training
+        - name: Use shared queries
+          href: /defender-xdr/advanced-hunting-shared-queries
+    - name: Investigate incidents ## could be incidents, threats, posture findings. Need an overview article for USX. Current overviews (XDR/Sentinel) don't appear to be updated for USX.
+      items:
+        - name: Overview
+          href: /defender-xdr/investigate-incidents ## Would need update to apply to USX. Per Dianne, this isn't XDR specific.
+        - name: Alerts, incidents, and correlation
+          href: /defender-xdr/alerts-incidents-correlation
+        - name: Manage incidents
+          href: /defender-xdr/manage-incidents
+        - name: Investigate alerts
+          href: /defender-xdr/investigate-alerts
+        - name: Investigate incidents in Copilot for Security ## This article is specific to Sentinel in the context of using outside of USX and with XDR in USX. We don't think it applies to Sentinel only but need to confirm with PM.  Austin thought title w/o mentioning Sentinel is misleading. We might need to leave this out of TOC or as part of plan/deploy to integrate Sentinel w/ Copilot features.
+          href: /azure/sentinel/sentinel-security-copilot
+        - name: Investigate with Microsoft Copilot in Microsoft Defender ## Copied entire section from XDR TOC
+          items:
+          - name: Overview
+            href: /defender-xdr/security-copilot-in-microsoft-365-defender.md
+          - name: Summarize incidents
+            href: /defender-xdr/security-copilot-m365d-incident-summary.md
+          - name: Run script analysis
+            href: /defender-xdr/security-copilot-m365d-script-analysis.md
+          - name: Analyze files
+            href: /defender-xdr/copilot-in-defender-file-analysis.md
+          - name: Generate device summaries
+            href: /defender-xdr/copilot-in-defender-device-summary.md
+          - name: Use guided responses
+            href: /defender-xdr/security-copilot-m365d-guided-response.md
+          - name: Generate KQL queries
+            href: /defender-xdr/advanced-hunting-security-copilot.md
+          - name: Create incident reports
+            href: /defender-xdr/security-copilot-m365d-create-incident-report.md
+        - name: Investigate entities
+          items: 
+          - name: Overview
+            href: /azure/sentinel/entity-pages?tabs=azure-portal
+          - name: User entity pages
+            href: /defender-xdr/investigate-users.md
+          - name: Device entity pages
+            href: /defender-xdr/entity-page-device.md
+          - name: IP entity pages
+            href: /defender-xdr/entity-page-ip.md
+    - name: Respond to threats
+      items:
+        - name: Overview
+          href: /defender-xdr/incidents-overview
+        - name: Prioritize incidents
+          href: /defender-xdr/incident-queue
+        - name: Automatic attack disruption 
+          items:
+          - name: Overview
+            href: /defender-xdr/automatic-attack-disruption
+          - name: Configure capabilities
+            href: /defender-xdr/configure-attack-disruption
+          - name: View results
+            href: /defender-xdr/autoad-results
+        - name: Review remediations in the action center
+          href: /defender-xdr/m365d-action-center
+    - name: Optimize your security operations 
+      items:
+        - name: Overview
+          href: /azure/sentinel/soc-optimization/soc-optimization-access?tabs=defender-portal
+        - name: Interact with recommendations programatically 
+          href: /azure/sentinel/soc-optimization/soc-optimization-api
+        - name: SOC optimization reference
+          href: /azure/sentinel/soc-optimization/soc-optimization-reference
+    - name: Manage your unified SOC ## Need article w/ overview about settings? What else needs to go here? Several other things like permissions and costs would get referenced by planning guide.
+      items:
+        - name: Manage multiple tenants ## Work will start soon to integrate Sentinel into one or more of these articles. Copied in entire section from XDR library
+          items: 
+            - name: Overview
+              href: /defender-xdr/mto-overview
+            - name: Set up multi-tenant management
+              href: /defender-xdr/mto-requirements
+            - name: Manage incidents and alerts
+              href: /defender-xdr/mto-incidents-alerts
+            - name: Advanced hunting
+              href: /defender-xdr/mto-advanced-hunting.md
+            - name: Multitenant devices
+              href: /defender-xdr/mto-tenant-devices.md
+            - name: Vulnerability management
+              href: /defender-xdr/mto-dashboard.md
+            - name: Manage tenants
+              href: /defender-xdr/mto-tenants.md
+            - name: Manage endpoint security policies
+              href: /defender-xdr/mto-endpoint-security-policy.md
+            - name: Manage content distribution with tenant groups
+              href: /defender-xdr/mto-tenantgroups.md
+        - name: Configure notifications
+          items:
+          - name: Get incident notifications
+            href: /defender-xdr/m365d-notifications-incidents
+          - name: Configure alert notifications
+            href: /defender-xdr/configure-email-notifications 
+    - name: Resources
+      items:
+        - name: Threat actor naming
+          href: /defender-xdr/microsoft-threat-actor-naming
+        - name: Identification of malware and unwanted apps
+          href: /defender-xdr/criteria
+        - name: Submit files for analysis
+          href: /defender-xdr/submission-guide
+        - name: Microsoft virus initiative
+          href: /defender-xdr/virus-initiative-criteria
+        - name: Microsoft security portals
+          href: /defender-xdr/portals
diff --git a/defender-xdr/unified-soc-platform/breadcrumb/toc.yml b/defender-xdr/unified-soc-platform/breadcrumb/toc.yml
@@ -0,0 +1,22 @@
+- name: 'Microsoft Defender'
+  tocHref: /defender/
+  topicHref: /defender/index
+  items:
+  - name: 'Microsoft unified security operations platform'
+    tocHref: /defender-xdr/unified-soc-platform/
+    topicHref: /defender-xdr/unified-soc-platform/index
+  - name: 'Microsoft unified security operations platform'
+    tocHref: /security/zero-trust/
+    topicHref: /defender-xdr/unified-soc-platform/index
+  - name: Unified security operations platform
+    tocHref: /defender-for-identity/
+    topicHref: /defender-xdr/unified-soc-platform/index
+
+## Microsoft Sentinel override
+- name: 'Microsoft Defender'
+  tocHref: /azure/
+  topicHref: /defender/index
+  items:
+  - name: 'Unified security operations platform'
+    tocHref: /azure/sentinel/
+    topicHref: /defender-xdr/unified-soc-platform/index
diff --git a/defender-xdr/unified-soc-platform/index.yml b/defender-xdr/unified-soc-platform/index.yml
@@ -0,0 +1,33 @@
+### YamlMime:Landing
+
+title: Microsoft unified security operations platform # < 60 chars
+summary: The unified security operations platform brings together the full capabilities of Microsoft Sentinel, Defender XDR, and generative AI. # < 160 chars
+
+metadata:
+  title: Microsoft unified security operations platform documentation # Required; page title displayed in search results. Include the brand. < 60 chars.
+  description: The unified security operations platform brings together the full capabilities of Microsoft Sentinel, Defender XDR, and generative AI. # Required; article description that is displayed in search results. < 160 chars.
+  ms.service: defender-xdr #Required; use either service or product per approved list. 
+  ms.subservice: usx
+  ms.topic: landing-page # Required
+  ms.collection: usx-security # Optional; Remove if no collection is used.
+  author: cwatson-cat #Required; your GitHub user alias, with correct capitalization.
+  ms.author: cwatson #Required; microsoft alias of author; optional team alias.
+  ms.date: 07/30/2024 #Required; mm/dd/yyyy format.
+
+# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | tutorial | overview | quickstart | reference | sample | tutorial | video | whats-new
+
+landingContent:
+# Cards and links should be based on top customer tasks or top subjects
+# Start card title with a verb
+  # Card 
+  - title: About the Microsoft security operations platform
+    linkLists:
+      - linkListType: overview
+        links:
+          - text: What is the Microsoft security operations platform?
+            url: /defender-xdr/microsoft-365-defender
+      - linkListType: whats-new
+        links:
+          - text: What's new in the Microsoft security operations platform
+            url: /defender-xdr/unified-soc-platform/whats-new
+
diff --git a/defender-xdr/unified-soc-platform/whats-new.md b/defender-xdr/unified-soc-platform/whats-new.md
@@ -0,0 +1,77 @@
+---
+title: What's new in the Microsoft unified security operations platform
+description: Lists the new features and functionality in the Microsoft unified security operations platform
+search.appverid: met150
+ms.service: defender-xdr
+ms.author: cwatson
+author: cwatson-cat
+ms.localizationpriority: medium
+ms.date: 07/16/2024
+manager: dansimp
+audience: ITPro
+ms.collection:
+- M365-security-compliance
+- tier1
+- usx-security
+ms.topic: conceptual
+---
+
+# What's new in the Microsoft unified security operations platform
+
+<!--Need to define when something goes here versus other what's new articles. Maybe we just focus on updates within this library and things tied directly to USX (features that unblock onboarding, parity features with Sentinel, enhancements to core USX features?) -->
+
+This article lists recent features added into the Microsoft unifed security operations platform within the Microsoft Defender portal, and new features in related services that provide an enhanced user experience in the platform.
+
+The listed features were released in the last three months. For information about earlier features delivered, see our [Tech Community blogs](https://techcommunity.microsoft.com/t5/azure-sentinel/bg-p/AzureSentinelBlog/label-name/What's%20New).
+
+For more information on what's new with other Microsoft Defender security products and Microsoft Sentinel, see:
+
+- [What's new in Microsoft Sentinel](/azure/sentinel/whats-new)
+- [What's new in Microsoft Defender XDR](/defender-xdr/whats-new)
+- [What's new in Microsoft Defender for Office 365](/defender-office-365/defender-for-office-365-whats-new)
+- [What's new in Microsoft Defender for Endpoint](/defender-endpoint/whats-new-in-microsoft-defender-endpoint)
+- [What's new in Microsoft Defender for Identity](/defender-for-identity/whats-new)
+- [What's new in Microsoft Defender for Cloud Apps](/cloud-app-security/release-notes)
+
+You can also get product updates and important notifications through the [message center](https://admin.microsoft.com/Adminportal/Home#/MessageCenter).
+
+
+## July 2024
+
+- [SOC optimizations now generally available](#soc-optimizations-now-generally-available)
+- [SAP Business Technology Platform (BTP) connector now generally available](#sap-business-technology-platform-btp-connector-now-generally-available-ga)
+- [Microsoft unified security platform now generally available](#microsoft-unified-security-platform-now-generally-available)
+
+### SOC optimizations now generally available
+
+The SOC optimization experience in both the Azure and Defender portals is now generally available for all Microsoft Sentinel customers, including both data value and threat-based recommendations.
+
+- **Use data value recommendations** to improve your data usage of ingested billable logs, gain visibility to underused logs, and discover the right detections for those logs or the right adjustments to your log tier or ingestion.
+
+- **Use threat-based recommendations** to help identify gaps in coverage against specific attacks based on Microsoft research and mitigate them by ingesting the recommended logs and adding recommended detections.
+
+The [`recommendations`](/azure/sentinel/soc-optimization/soc-optimization-api) API is still in Preview. 
+
+For more information, see:
+
+- [Optimize your security operations](/azure/sentinel/soc-optimization/soc-optimization-access)
+- [SOC optimization reference of recommendations](/azure/sentinel/soc-optimization/soc-optimization-reference)
+
+### SAP Business Technology Platform (BTP) connector now generally available (GA)
+
+The Microsoft Sentinel Solution for SAP BTP is now generally available (GA). This solution provides visibility into your SAP BTP environment, and helps you detect and respond to threats and suspicious activities.
+
+For more information, see:
+
+- [Microsoft Sentinel Solution for SAP Business Technology Platform (BTP)](/azure/sentinel/sap/sap-btp-solution-overview)
+- [Deploy the Microsoft Sentinel solution for SAP BTP](/azure/sentinel/sap/deploy-sap-btp-solution)
+- [Microsoft Sentinel Solution for SAP BTP: security content reference](/azure/sentinel/sap/sap-btp-security-content)
+
+### Microsoft unified security platform now generally available
+
+Microsoft Sentinel is now generally available within the Microsoft unified security operations platform in the Microsoft Defender portal. The Microsoft unified security operations platform brings together the full capabilities of Microsoft Sentinel, Microsoft Defender XDR, and Microsoft Copilot in Microsoft Defender. For more information, see the following resources:
+
+- Blog post: [General availability of the  Microsoft unified security operations platform](https://aka.ms/unified-soc-announcement)
+- [Microsoft Sentinel in the Microsoft Defender portal](/azure/sentinel/microsoft-sentinel-defender-portal)
+- [Connect Microsoft Sentinel to Microsoft Defender XDR](/defender-xdr/microsoft-sentinel-onboard)
+- [Microsoft Copilot in Microsoft Defender](/defender-xdr/security-copilot-in-microsoft-365-defender)
